如何通過ajax向Spring後端發送「完全認證」請求？

Question

我有一個需要HTTP基本身份驗證的Spring Web服務，我試圖通過Javascript訪問它。

我的春天的安全配置有如下定義：

<security:http create-session="stateless"> 
    <security:http-basic /> 
    <security:intercept-url pattern="/item/**" 
     access="ROLE_ADMIN,ROLE_USER" /> 
</security:http> 

    <security:authentication-manager> 
    <security:authentication-provider> 
     <security:user-service> 
      <security:user name="Aladdin" password="open sesame" 
       authorities="ROLE_USER, ROLE_ADMIN" /> 
     </security:user-service> 
    </security:authentication-provider> 
</security:authentication-manager> 

而且我的JavaScript客戶端設置相應的認證頭。不過我總是會得到401的回覆：

Request URL:http://localhost:8080/item 
Request Method:GET 
Status Code:401 Full authentication is required to access this resource 

Request 
Accept:application/json, text/javascript, */*; q=0.01 
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3 
Accept-Encoding:gzip,deflate,sdch 
Accept-Language:en-US,en;q=0.8 
Authorization:BASIC QWxhZGRpbjpvcGVuIHNlc2FtZQ== 
Cache-Control:no-cache 
Connection:keep-alive 
Cookie:JSESSIONID=x8foxdzzuc8g1cqnhxj34u4tv 
Host:localhost:8080 
Pragma:no-cache 
Referer:http://localhost:8080/index.html 
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5 
X-Requested-With:XMLHttpRequest 

Response: 
Cache-Control:must-revalidate,no-cache,no-store 
Content-Length:1461 
Content-Type:text/html;charset=ISO-8859-1 
Server:Jetty(8.1.3.v20120416) 
WWW-Authenticate:Basic realm="Spring Security Application" 

有沒有從我的要求中遺失的東西？我使用維基百科的用戶/密碼示例來確保編碼不會混亂 - 它與示例匹配here

Answer 1

問題比我想象的要簡單 - 授權標頭應該說「基本」而不是「基本」。只是改變這一點就能解決整個問題。